ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update user creation with keeping public key on the server

Browse Source 
With this I can check if I have added that key already to avoid ssh key
double creations
This commit is contained in:
Clemens Schwaighofer
2022-03-09 15:27:46 +09:00
parent 6ce9b40565
commit 971f9afdd5
3 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
bin/user_create.sh
View File

@@ -41,6 +41,7 @@ output_file="user_password.${timesamp}.txt";
output_zip_folder='zip/';
output_zip="users.${timesamp}.zip"
ssh_keygen_folder='ssh-keygen/';
ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
ssh_keytype='ed25519';
# check if ssh key folder exists
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
@@ -122,6 +123,10 @@ while read i; do
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
# the full file including folder name
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
# publ file if new
ssh_keyfile_pub="${ssh_keyfile}.pub";
# check existing pub file
ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
# check if user is not already created
if getent passwd ${user} > /dev/null 2>&1; then
echo "-- Skip '${user}:${group}(${sub_group})'";
@@ -135,7 +140,7 @@ while read i; do
fi;
skip_ssh=0;
# if public pem already exists skip creation
if [ ! -f "${ssh_keyfile}.pub" ]; then
if [ ! -f "${ssh_keyfile_check_pub}" ]; then
# Note we only create a password if we need it
# password + store pwgen 10 1 -1
if [ -z "${_password}" ]; then
@@ -152,15 +157,17 @@ while read i; do
-C "${hostname}: ${user}@${group}" \
-a 100 -N "${password}"
else
found=$(grep "$(cat ${ssh_keyfile}.pub)" /home/${user}/.ssh/authorized_keys);
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys);
if [ ! -z "${found}" ]; then
skip_ssh=1;
# override previously set with stored one
ssh_keyfile_pub=${ssh_keyfile_check_pub};
echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
else
echo " < Use existing public ssh key '${ssh_keyfile}.pub'";
echo " < Use existing public ssh key '${ssh_keygen_id}.pub'";
# Password already set notification
password="[ALREADY SET]";
fi;
password="[ALREADY SET]";
fi;
if [ ${skip_ssh} -eq 0 ]; then
# write login info to output file
@@ -174,9 +181,9 @@ while read i; do
fi;
echo " > Add public into authorized_keys";
if [ ${TEST} -eq 0 ]; then
cat "${ssh_keyfile}.pub" > /home/${user}/.ssh/authorized_keys;
cat "${ssh_keyfile_pub}" > /home/${user}/.ssh/authorized_keys;
else
echo "$> cat ${ssh_keyfile}.pub > /home/${user}/.ssh/authorized_keys";
echo "$> cat ${ssh_keyfile_pub} > /home/${user}/.ssh/authorized_keys";
fi;
echo " > Secure folder .ssh and authorized_keys file";
if [ ${TEST} -eq 0 ]; then
@@ -202,9 +209,13 @@ zip -r \
echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
# cleam up user log file and ssh keys
if [ ${TEST} -eq 0 ]; then
# move pub to created folders
mv "${root_folder}${ssh_keygen_folder}"*.pub "${root_folder}${ssh_keygen_folder_created_pub}";
# delete the rest
rm "${root_folder}${output_file}";
rm "${root_folder}${ssh_keygen_folder}"*;
else
echo "$> mv ${root_folder}${ssh_keygen_folder}*.pub ${root_folder}${ssh_keygen_folder_created_pub};";
echo "$> rm ${root_folder}${output_file}";
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
fi;